package com.soboot.auth.config;

import com.soboot.handler.BaseAccessDeniedHandler;
import com.soboot.handler.BaseAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;

/**
 * @Author:
 * @createTime: 2022年09月20日 23:27:16
 * @version:
 * @Description:
 * @Copyright:
 */
@Configuration
@EnableResourceServer
public class Oauth2ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private BaseAccessDeniedHandler baseAccessDeniedHandler;

    @Autowired
    private BaseAuthenticationEntryPoint baseAuthenticationEntryPoint;

    @Autowired
    private AuthenticationManager authenticationManager;

    /**
     * 资源安全处理
     * @param resources
     * @throws Exception
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.accessDeniedHandler(baseAccessDeniedHandler)
                .authenticationEntryPoint(baseAuthenticationEntryPoint);
    }

    /**
     * 类似spring security
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        //OAuth2核心过滤器
       /* resourcesServerFilter = new OAuth2AuthenticationProcessingFilter();
        resourcesServerFilter.setAuthenticationEntryPoint(authenticationEntryPoint);
        //OAuth2AuthenticationManager，只有被OAuth2AuthenticationProcessingFilter拦截到的oauth2相关请求才被特殊的身份认证器处理。
        resourcesServerFilter.setAuthenticationManager(authenticationManager);
        if (eventPublisher != null) {
            //同上
            resourcesServerFilter.setAuthenticationEventPublisher(eventPublisher);
        }
        if (tokenExtractor != null) {
            //同上
            resourcesServerFilter.setTokenExtractor(tokenExtractor);
        }
        resourcesServerFilter = postProcess(resourcesServerFilter);
        resourcesServerFilter.setStateless(stateless);

        if (!Boolean.TRUE.toString().equals(apolloCouponConfig.getOauthEnable())) {
            // 不需要令牌,直接访问资源
            http.authorizeRequests().anyRequest().permitAll();
        } else {*/
            http
                    //.anonymous().disable()  //匿名访问
                    //.antMatcher("/**")        //匹配需要资源认证路径
                    .csrf().disable()
                    .authorizeRequests()
                    .antMatchers("/swagger-ui.html", "/swagger-resources/**",
                            "/v2/api-docs/**","/actuator/**","/doc.html","/webjars/**"
                    ).permitAll()
                    .anyRequest().permitAll();//匹配不需要资源认证路径
                    //.anyRequest().authenticated()
                   /* .and()
                    .addFilterBefore(resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class)
                    .exceptionHandling() //添加filter
                    .exceptionHandling().accessDeniedHandler(accessDeniedHandler)  //异常处理
                    .authenticationEntryPoint(authenticationEntryPoint);   //认证异常流程*/
        }

   /* private AuthenticationManager oauthAuthenticationManager(HttpSecurity http) {
        OAuth2AuthenticationManager oauthAuthenticationManager = new OAuth2AuthenticationManager();
        if (authenticationManager != null) {
            if (authenticationManager instanceof OAuth2AuthenticationManager) {
                oauthAuthenticationManager = (OAuth2AuthenticationManager) authenticationManager;
            }
            else {
                return authenticationManager;
            }
        }
        oauthAuthenticationManager.setResourceId(resourceId);
        //配置tokenService解析方式		oauthAuthenticationManager.setTokenServices(resourceTokenServices(http));
        oauthAuthenticationManager.setClientDetailsService(clientDetails());
        return oauthAuthenticationManager;
    }*/

}
